Re: [Openvpn-devel] New pre-1.3.3 beta

2003-03-15 Thread James Yonan 
Matthias,

Patch looks good, though why the dummy() functions?  They generate warnings on
gcc 2.96 if you build with --disable-lzo, --disable-crypto, etc.  Some
compiler that doesn't like empty source files?

James

Matthias Andree  said:

> On Sat, 15 Mar 2003, James Yonan wrote:
> 
> > Yes, I think we should try to fix if it's only a trivial cast involved to
> > silence the warning.
> > 
> > I don't see them on gcc 2.96, even with "-Wall -W -Wpointer-arith
> > -Wsign-compare -Winline".
> 
> Indeed, it takes the sun compiler or the even more picky splint utility
> (www.splint.org) to see them.
> 
> The patch below doesn't fix
> "crypto.c", line 228: warning: end-of-loop code not reached
> 
> also on ll. 237 259 269 273 277 281 286 299 312 327.
> 
> Fixing that would require a rewrite of crypto.c, the issue is the
> 
> do { goto ...; } while(false);
> 
> I'm not fixing this and I don't recommend changing that at this time
> (after 1.3.3 maybe, if you're to fix that at all).
> 
> Here's the patch:
> 
> # buffer.c |   14 +++---
> # crypto.c |   12 ++--
> # error.c  |2 +-
> # lzo.c|2 ++
> # misc.c   |2 +-
> # packet_id.c  |4 ++--
> # reliable.c   |2 ++
> # session_id.c |2 ++
> # socket.c |4 ++--
> # ssl.c|6 --
> # thread.c |2 ++
> # tun.c|4 ++--
> # 12 files changed, 33 insertions(+), 23 deletions(-)
> 
> Index: buffer.c
> ===
> RCS file: /cvsroot/openvpn/openvpn/buffer.c,v
> retrieving revision 1.11
> diff -u -r1.11 buffer.c
> --- buffer.c  15 Mar 2003 07:18:00 -  1.11
> +++ buffer.c  15 Mar 2003 22:42:02 -
> @@ -115,14 +115,14 @@
>  {
>va_list arglist;
>  
> -  char *ptr = BEND (buf);
> +  uint8_t *ptr = BEND (buf);
>int cap = buf_forward_capacity (buf);
>  
>va_start (arglist, format);
> -  vsnprintf (ptr, cap, format, arglist);
> +  vsnprintf ((char *)ptr, cap, format, arglist);
>va_end (arglist);
>  
> -  buf->len += strlen (ptr);
> +  buf->len += strlen ((char *)ptr);
>  }
>  
>  /*
> @@ -137,7 +137,7 @@
>int len = strlen (str) + 1;
>if (len < buf_forward_capacity_total (buf))
>   {
> -   strncpynt (buf->data + buf->capacity - len, str, len);
> +   strncpynt ((char *)(buf->data + buf->capacity - len), str, len);
>   }
>  }
>  }
> @@ -148,7 +148,7 @@
>  void
>  convert_to_one_line (struct buffer *buf)
>  {
> -  char *cp = BPTR(buf);
> +  uint8_t *cp = BPTR(buf);
>int len = BLEN(buf);
>while (len--)
>  {
> @@ -185,7 +185,7 @@
>struct gc_entry *e;
>struct gc_thread* thread = _gc_thread[thread_number()];
>  
> -  while (e = thread->gc_stack)
> +  while ((e = thread->gc_stack))
>  {
>if (e->level < level)
>   break;
> @@ -235,5 +235,5 @@
>buf_printf (, "%02x", data[i]);
>  }
>buf_catrunc (, "[more...]");
> -  return out.data;
> +  return (char *)out.data;
>  }
> Index: crypto.c
> ===
> RCS file: /cvsroot/openvpn/openvpn/crypto.c,v
> retrieving revision 1.14
> diff -u -r1.14 crypto.c
> --- crypto.c  21 Feb 2003 16:14:05 -  1.14
> +++ crypto.c  15 Mar 2003 22:42:03 -
> @@ -184,7 +184,7 @@
> HMAC_Update (ctx->hmac, BPTR (), BLEN ());
> output = buf_prepend (, HMAC_size (ctx->hmac));
> ASSERT (output);
> -   HMAC_Final (ctx->hmac, output, _len);
> +   HMAC_Final (ctx->hmac, output, (unsigned int *)_len);
> ASSERT (hmac_len == HMAC_size (ctx->hmac));
>   }
>  
> @@ -229,7 +229,7 @@
>  
> HMAC_Update (ctx->hmac, BPTR (buf) + hmac_len,
>  BLEN (buf) - hmac_len);
> -   HMAC_Final (ctx->hmac, local_hmac, _hmac_len);
> +   HMAC_Final (ctx->hmac, local_hmac, (unsigned int *)_hmac_len);
> ASSERT (hmac_len == in_hmac_len);
>  
> /* Compare locally computed HMAC with packet HMAC */
> @@ -883,9 +883,9 @@
>if (fd == -1)
>  msg (M_ERR, "Cannot open shared secret file %s", filename);
>  
> -  while (size = read (fd, in.data, in.capacity))
> +  while ((size = read (fd, in.data, in.capacity)))
>  {
> -  const char *cp = in.data;
> +  const char *cp = (char *)in.data;
>while (size)
>   {
> const char c = *cp;
> @@ -923,7 +923,7 @@
>   if (hb_index == 2)
> {
>   unsigned int u;
> - ASSERT(sscanf(hex_byte, "%x", ) == 1);
> + ASSERT(sscanf((const char *)hex_byte, "%x", ) == 1);
>   *out++ = u;
>   hb_index = 0;
>   if (++count == keylen)
> @@ -982,7 +982,7 @@
>buf_printf (, "%s\n", static_key_foot);
>  
>/* write data to file */
> -  len = strlen (BPTR());
> +  len = strlen ((char *)BPTR());
>size = write (fd, BPTR(), len);
>if (size

Re: [Openvpn-devel] New pre-1.3.3 beta

2003-03-15 Thread Matthias Andree 
On Sat, 15 Mar 2003, James Yonan wrote:

> Yes, I think we should try to fix if it's only a trivial cast involved to
> silence the warning.
> 
> I don't see them on gcc 2.96, even with "-Wall -W -Wpointer-arith
> -Wsign-compare -Winline".

Indeed, it takes the sun compiler or the even more picky splint utility
(www.splint.org) to see them.

The patch below doesn't fix
"crypto.c", line 228: warning: end-of-loop code not reached

also on ll. 237 259 269 273 277 281 286 299 312 327.

Fixing that would require a rewrite of crypto.c, the issue is the

do { goto ...; } while(false);

I'm not fixing this and I don't recommend changing that at this time
(after 1.3.3 maybe, if you're to fix that at all).

Here's the patch:

# buffer.c |   14 +++---
# crypto.c |   12 ++--
# error.c  |2 +-
# lzo.c|2 ++
# misc.c   |2 +-
# packet_id.c  |4 ++--
# reliable.c   |2 ++
# session_id.c |2 ++
# socket.c |4 ++--
# ssl.c|6 --
# thread.c |2 ++
# tun.c|4 ++--
# 12 files changed, 33 insertions(+), 23 deletions(-)

Index: buffer.c
===
RCS file: /cvsroot/openvpn/openvpn/buffer.c,v
retrieving revision 1.11
diff -u -r1.11 buffer.c
--- buffer.c15 Mar 2003 07:18:00 -  1.11
+++ buffer.c15 Mar 2003 22:42:02 -
@@ -115,14 +115,14 @@
 {
   va_list arglist;

-  char *ptr = BEND (buf);
+  uint8_t *ptr = BEND (buf);
   int cap = buf_forward_capacity (buf);

   va_start (arglist, format);
-  vsnprintf (ptr, cap, format, arglist);
+  vsnprintf ((char *)ptr, cap, format, arglist);
   va_end (arglist);

-  buf->len += strlen (ptr);
+  buf->len += strlen ((char *)ptr);
 }

 /*
@@ -137,7 +137,7 @@
   int len = strlen (str) + 1;
   if (len < buf_forward_capacity_total (buf))
{
- strncpynt (buf->data + buf->capacity - len, str, len);
+ strncpynt ((char *)(buf->data + buf->capacity - len), str, len);
}
 }
 }
@@ -148,7 +148,7 @@
 void
 convert_to_one_line (struct buffer *buf)
 {
-  char *cp = BPTR(buf);
+  uint8_t *cp = BPTR(buf);
   int len = BLEN(buf);
   while (len--)
 {
@@ -185,7 +185,7 @@
   struct gc_entry *e;
   struct gc_thread* thread = _gc_thread[thread_number()];

-  while (e = thread->gc_stack)
+  while ((e = thread->gc_stack))
 {
   if (e->level < level)
break;
@@ -235,5 +235,5 @@
   buf_printf (, "%02x", data[i]);
 }
   buf_catrunc (, "[more...]");
-  return out.data;
+  return (char *)out.data;
 }
Index: crypto.c
===
RCS file: /cvsroot/openvpn/openvpn/crypto.c,v
retrieving revision 1.14
diff -u -r1.14 crypto.c
--- crypto.c21 Feb 2003 16:14:05 -  1.14
+++ crypto.c15 Mar 2003 22:42:03 -
@@ -184,7 +184,7 @@
  HMAC_Update (ctx->hmac, BPTR (), BLEN ());
  output = buf_prepend (, HMAC_size (ctx->hmac));
  ASSERT (output);
- HMAC_Final (ctx->hmac, output, _len);
+ HMAC_Final (ctx->hmac, output, (unsigned int *)_len);
  ASSERT (hmac_len == HMAC_size (ctx->hmac));
}

@@ -229,7 +229,7 @@

  HMAC_Update (ctx->hmac, BPTR (buf) + hmac_len,
   BLEN (buf) - hmac_len);
- HMAC_Final (ctx->hmac, local_hmac, _hmac_len);
+ HMAC_Final (ctx->hmac, local_hmac, (unsigned int *)_hmac_len);
  ASSERT (hmac_len == in_hmac_len);

  /* Compare locally computed HMAC with packet HMAC */
@@ -883,9 +883,9 @@
   if (fd == -1)
 msg (M_ERR, "Cannot open shared secret file %s", filename);

-  while (size = read (fd, in.data, in.capacity))
+  while ((size = read (fd, in.data, in.capacity)))
 {
-  const char *cp = in.data;
+  const char *cp = (char *)in.data;
   while (size)
{
  const char c = *cp;
@@ -923,7 +923,7 @@
if (hb_index == 2)
  {
unsigned int u;
-   ASSERT(sscanf(hex_byte, "%x", ) == 1);
+   ASSERT(sscanf((const char *)hex_byte, "%x", ) == 1);
*out++ = u;
hb_index = 0;
if (++count == keylen)
@@ -982,7 +982,7 @@
   buf_printf (, "%s\n", static_key_foot);

   /* write data to file */
-  len = strlen (BPTR());
+  len = strlen ((char *)BPTR());
   size = write (fd, BPTR(), len);
   if (size != len)
 msg (M_ERR, "Write error on shared secret file %s", filename);
Index: error.c
===
RCS file: /cvsroot/openvpn/openvpn/error.c,v
retrieving revision 1.15
diff -u -r1.15 error.c
--- error.c 15 Mar 2003 07:18:00 -  1.15
+++ error.c 15 Mar 2003 22:42:03 -
@@ -177,7 +177,7 @@
 {
   int nerrs = 0;
   int err;
-  while (err = ERR_get_error ())
+  while ((err = ERR_get_error ()))
{
  snprintf (m2,

Re: [Openvpn-devel] New pre-1.3.3 beta

2003-03-15 Thread Matthias Andree 
On Sat, 15 Mar 2003, James Yonan wrote:

> If you have a chance, please test this beta.  I mostly use linux 2.4 for
> development, so I don't have much of a chance to test on linux 2.2 and
> non-linux OSes.

There are some warnings with Sun's compiler about uint8_t vs. char
clashes. Do you intend to silence the warnings or are you interested to
see them? I think they're harmless but annoying.

Other than that, it compiles on FreeBSD 4.8-RC x86 and Solaris 8 sparc
(32-bit mode), on the latter with Sun's compiler and gcc 2.95.

-- 
Matthias Andree

[Openvpn-devel] New pre-1.3.3 beta

2003-03-14 Thread James Yonan 
If you have a chance, please test this beta.  I mostly use linux 2.4 for
development, so I don't have much of a chance to test on linux 2.2 and
non-linux OSes.

Since the last beta announcement on this list, there's been a bunch of changes
including build system portability fixes, --dev-name, and --mtu-disc.  The
latter gives access to a linux system call that allows some manual control
over how and whether Path MTU Discovery is implemented on the UDP socket.

You can download via CVS or from a tarball:

http://openvpn.sourceforge.net/beta/openvpn-1.3.2.17.tar.gz

Change Log:

* Added --replay-persist feature to allow replay
  protection across sessions.
* Fixed bug where --ifconfig could not be used
  with --tun-mtu.
* Added --tun-mtu-extra parameter to deal with
  the situation where a read on a TUN/TAP device
  returns more data than the device's MTU size.
* Fixed bug where some IPv6 support code for
  Linux was not being properly ifdefed out for
  Linux 2.2, causing compile errors.
* Added OPENVPN_EXIT_STATUS_x codes to
  openvpn.h to control which status value
  openvpn returns to its caller (such as
  a shell or inetd/xinetd) for various conditions.
* Added OPENVPN_DEBUG_COMMAND_LINE flag to
  openvpn.h to allow debugging in situations
  where stdout, stderr, and syslog cannot be used
  for message output, such as when OpenVPN is
  instantiated by inetd/xinetd.
* Removed owner-execute permission from file
  created by static key generator (Herbert Xu
  and Alberto Gonzalez Iniesta).
* Added --passtos option to allow IPv4 TOS bits
  to be passed from TUN/TAP input packets to
  the outgoing UDP socket (Craig Knox).
* Added code to prevent open socket file descriptors
  from being accessible to called scripts.
* Added --dev-name option (Christian Lademann).
* Added --mtu-disc option for manual control
  over MTU options.
* Show OS MTU value on UDP socket write failures
  (linux only).
* Numerous build system and portability
  fixes (Matthias Andree).
* Added better sensing of compiler support for
  variable argument macros, including (a) gcc
  style, (b) ISO C 1999 style, and (c) no support.
* Removed generated files from CVS.  Note INSTALL
  file for new CVS build commands.
* Changed all internal _* symbols to x_*
  for C standards compliance.

James